CVE-2018-1000085 (retired)

ClamAV version version 0.99.3 contains a Out of bounds heap memory readvulnerability in XAR parser, function xar_hash_check() that can result inLeaking of memory, may help in developing exploit chains.. This attackappear to be exploitable via The victim must scan a crafted XAR file. Thisvulnerability appears to have been fixed in after commitd96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.